If you have not yet applied the latest patches for your Apple devices (both macOS and iOS), you should do so as soon as possible, as we already know that older versions contained more vulnerabilities than previously thought.
Cybersecurity researchers from Trellix recently published a detailed blog post discussing the discovery of multiple security vulnerabilities that they describe as “a significant violation of the macOS and iOS security model whereby individual apps have precise access to a subset of the resources they need and query higher-privileged services for anything else.”
According to the report, one of the vulnerabilities was found in CoreDuetd, a process that collects behavior data. The researchers found that an attacker who can already execute code in a process with the appropriate permissions (e.g. Safari) could abuse that process’ permissions to make CoreDuetd execute malicious code. Since this process runs as root on macOS, cybercriminals can also access people’s calendars, address books, and photos.
A similar problem (with similar consequences) applies to another CoreDuetd-related process called ContextStored: its vulnerable XPC service can be exploited to gain code execution in a process with higher privileges.
In addition, the appstored and appstoredagent daemons also host vulnerable XPC services, allowing cybercriminals to install illegal applications, including system applications.
Additional similar vulnerabilities were found in services available to almost every application – OSLogService and UIKitCore.
“By setting rules to activate malicious scenes, an app can execute code on SpringBoard, a highly privileged app that can access location data, camera and microphone, call history, photos, and other sensitive data, and wipe the device,” the researchers concluded.
While these vulnerabilities can be dangerous and can result in data exfiltration, malware deployment, and in extreme cases the destruction of endpoints, all of them have been fixed by Apple. macOS 13.2 and iOS 16.3 contain the fixes, so Trellix urges all users to apply the patches without delay.